Summary: This article contains step-by-step instructions on how to configure a report of users whose password was expired over a specified number of days.
Applies to: 7.x and later
ID: KB20210204-2
Configuration:
The example below shows how to configure a report of users whose password expired over 30 days ago.
- In Admin Console click +New and create a new AD Users rule.
- Specify Limit scope to this Domain or OU - select domain or OU.
- Specify the following Query criteria using Query builder:
{(PasswordNeverExpires -eq $False) -and (pwdLastSet -ne "0")}
- Open the Other Query Settings section and specify the Filter:
{$_."msDS-UserPasswordExpiryTimeComputed" -ne "0x7FFFFFFFFFFFFFFF" -and $_."msDS-UserPasswordExpiryTimeComputed" -ne $(0) -and $_."msDS-UserPasswordExpiryTimeComputed" -le $([DateTime]::Now.AddDays(-30).ToFileTime())}
- In Properties to display add this expression to calculate Password Expiration Date:
,msDS-UserPasswordExpiryTimeComputed~Password Expiration Date~[datetime]::FromFileTime(`$_."msDS-UserPasswordExpiryTimeComputed")
- Click Save Changes
Comments
0 comments
Please sign in to leave a comment.